The nastiest of malicious software, ransomware, has been found hidden away within an app that was freely available to download through Google’s Play Store.
The news is alarming for a number of reasons, but the most worrying aspect is that the app was able to circumvent Google’s safety nets and find its way onto a user’s smartphone.
The ransomware, known as Charger, was discovered by Check Point, which says it was contained within an app called EnergyRescue. One unsuspecting user downloaded the app and gave it admin permissions. Once Charger had this access, it locked the handset down and displayed the following message:
“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”
A ransom of 0.2 bitcoin (~R2 300) is demanded to unlock the smartphone, but Check Point says it has not seen any payments being made to the associated bitcoin account.
If that wasn’t enough, the malware also stole contacts and SMS messages from a user’s Android device.
The firm says that the ransom being demanded is high when compared to the ransom demanded by DataLust, which was a mere $15.
Why Charger is so dangerous
What makes Charger so dangerous is that the faceless miscreants behind its creation did a damned good job of hiding the payload so as to escape Google’s security checks.
Malware found on the Play Store often contains a “dropper”, which downloads the malicious payload after a user has installed the infected app. Charger, however, had all the components it needed to sow havoc on users contained within EnergyRescue.
“The developers of Charger gave it everything they had to boost its evasion capabilities and so it could stay hidden on Google Play for as long as possible,” said Check Point.
The EnergyRescue app appears to have been removed from the Play Store, but its existence, and the fact that it evaded detection for so long, should be a sign that now is the time to install some form of protection on your smartphone.
[Image – CC BY SA 2.0 Buster Benson]